Saturday, January 23, 2010

Exchange 2010 Licensing and High Availability Planning FAQ

In this post I'm going to address many questions that comes around licensing with Exchange 2010 as this can be a very confusing area - it took me a while to understand it properly!

Can I have exchange 2010 standard edition mixed with exchange 2010 enterprise in the same exchange organisation?

Yes - you can. For example you could have a Exchange 2010 Enterprise Edition mailbox server DAG talking to Exchange 2010 client access servers and hub transport servers in the same active directory site.

Is exchange 2010 enterprise needed for clustering?

No - you can setup Exchange 2010 clustering with nothing but Exchange Standard Edition for all 5 roles. However you may need Windows Server Enterprise Edition or higher depending on what roles you want to cluster as exchange 2010 leverages some high availability functionality from the operating system.

Hub Transport does not require Enterprise Edition of Windows Server 2008 for high availability. This clustering functionality if built into both Exchange 2010 standard and enterprise edition. The Microsoft Exchange Mail Submission service on Mailbox servers automatically load balances between all available Hub Transport servers in the same Active Directory site.

Client Access does not require Enterprise Edition of Windows Server 2008 for high availability. To cluster a Client Access Server Array you need to implement NLB (Network Load Balancing). However if you have a third-party hardware-based network load-balancing for stateless applications such as a CAS server, you can get away from using Network Load Balancing. Remember when planning for NLB implementation it is best to create a separate VLAN for NLB cluster traffic. Network Load Balancing is a feature of Windows Server 2008 Standard and Enterprise.

Unified Messaging does not require Enterprise Edition of Windows Server 2008 for high availability. The Unified Messaging server automatically load balances connections between all available Hub Transport servers in the same Active Directory site. Unified Messaging deployments can be made more resilient by deploying multiple Unified Messaging servers where two or more are in a single dial plan. The Voice over IP (VoIP) gateways supported by Unified Messaging can be configured to route calls to Unified Messaging servers in a round-robin fashion. In addition, these gateways can retrieve the list of servers for a dial plan from DNS. In either case, the VoIP gateways will present a call to a Unified Messaging server and if the call is not accepted, the call will be presented to another server, providing redundancy at the time the call is established.

Edge Transport can be made highly available 3 different ways - all of which perform load balancing.

1. You can setup NLB (Network Load Balancing) and load balancing all edge connections. Network Load Balancing is available in both Standard and Enterprise editions of Exchange.

2. You can use a third-party hardware-based network load-balancing for stateless applications. This will allow you to use Windows Server 2008 Standard Edition and reduce licensing costs.

3. You can perform load balancing using DNS with multiple MX records with the same priority. This requires you to have a public IP address for each edge transport server sitting your DMZ so you can port forward TCP #25 uniquely on your Internet facing router.

I would recommend Windows 2008 R2 always as it comes with Powershell Version 2 naively. This means you can use remote shell functionality on your exchange servers. Powershell Version 2 is coming out on normal 2008 Server however it is still in a Community Technology Preview.

Is there different media for Exchange 2010 Standard or Enterprise?

No - There is only one Exchange 2010 media. The licensing editions that are defined by a product key. When you enter a valid license product key, the supported edition for the server is established.

No - You can setup your Exchange servers in evaluation mode (Trial Edition). Once you have your infrastructure setup how you like then you can use a valid product key to move to either Standard Edition or Enterprise Edition.

I changed my product key but the Exchange Version has not changed?

You need to reboot for this to take effect.

How long does Exchange 2010 trial edition go for?

Trial Edition goes for 120 days. If you wish to extend a trial longer then 120 days you will need to format and reload your Exchange Server(s). Trial Edition is great for proof of concepts as the customer does not need to pay for an Exchange license up front.

What is the differences in Exchange roles between Standard Edition and Enterprise Edition?

Hub Transport - None.

Client Access - None.

Mailbox Role - Standard Edition is limited to 5 databases per server. Enterprise Edition can scale to 100 databases per server. Both Standard and Enterprise Editions support DAGs. Remember if you plan to use DAGs this requires Windows 2008 Enterprise Edition as it requires the Clustering Services component. In regards to Database Availability Groups, a passive database still counts as one database - keep this in mind if you choose Exchange Standard!

Unified Messaging - None.

Edge Transport - None.

In a large enterprise installation of Exchange 2010 to keep costs down Exchange 2010 Enterprise Edition should only be installed on servers that are going to run the mailbox server role.

How many mailbox servers can I have in a DAG?

A database availability group (DAG) is the base component of the high availability and site resilience framework built into Microsoft Exchange Server 2010. A DAG is a group of up to 16 Mailbox servers that host a set of databases and provide automatic database-level recovery from failures that affect individual servers or databases.

A DAG is a boundary for mailbox database replication, database and server switchovers, and failovers, and for an internal component called Active Manager. Active Manager is an Exchange 2010 component which manages switchovers and failovers that runs on every server in a DAG.

Yes - You may install other exchange 2010 roles on a DAG cluster except Edge Transport as this role cannot be combind with any other Exchange 2010 Roles. This is a change from Exchange 2007. In a Exchange 2007 SCC or CCR mailbox cluster no other exchange roles could be installed on the cluster.

Can I use Enterprise user CALs for Exchange Server 2010 Standard Edition servers?

Yes - Enterprise Edition CALs can be used for Exchange Standard Edition.

Do I need Exchange Standard or Enterprise User CALs?

If you plan to use Exchange Unified Messaging or Archiving you need to buy Enterprise User CALs.

If you wish to use Premium Journaling (which allows you to configure archiving per mailbox) you also need Enterprise User CALs. If you wish to journaling on a mailbox database level you can get away with Standard User CALs.

Personal Tags for Archive and Retention policies is requires enterprise CALs for any mailbox they are configured on.

If you do not plan to use Unified Messaging or Archiving you can get purchase Standard User CALs.

What is the External Connector license (EC)?

The External Connector license (EC) is an optional additional server license for external users that enables access to your servers running Exchange Server 2007. With this license, you do not need to buy individual Exchange Server CALs. The EC license is purchased for every copy of Exchange Server 2007 that can be accessed by the external user. An example of an external user is a person who is not an employee or similar personnel of the company or its affiliates. This license allows access to the Exchange server by an unlimited number of external users that can include, but is not limited to, business partners, suppliers, customers, retirees, and alumni. It is licensed per server.

Can I upgrade my Standard user CALs to Enterprise user CALs?

Yes, when you buy Exchange you must always buy the exchange user licenses. These are also known as the "standard user CALs". The Enterprise CALs are an "upgrade" to the standard CALs. If you want Enterprise user CALs you must buy the standard CALs + the Enterprise CALs.

Do I need to install the Exchange 2010 user CALs?

No - You do not install the user CALs on the server. You ensure you have them to hand for licensing purposes. If your company gets randomly audited by Microsoft there can be a fine involved if you are not licensed correctly.

I have external users accessing my Exchange environment that do not work for my company. Do they require a user CAL?

No - You do not need to buy user CALs for people that do not work for your company. Instead you can get a External Connector license (EC). The External Connector license (EC) is an optional additional server license for external users that enables access to your servers running Exchange Server 2010. With this license, you do not need to buy individual Exchange Server CALs. The EC license is purchased for every copy of Exchange Server 2010 that can be accessed by the external user. An example of an external user is a person who is not an employee or similar personnel of the company or its affiliates. This license allows access to the Exchange server by an unlimited number of external users that can include, but is not limited to, business partners, suppliers, customers, retirees, and alumni. It is licensed per server.

Are Windows Server user CALs also required for my Exchange Users?

Yes - both Windows Server User CAL's and Exchange User CAL's are required. If you setting up a hosted exchange solution there is a separate licensing system called "SPLA".

I currently have Exchange 2003 with Windows Server 2003 in my environment which I have user CALs for. Can I use my Exchange 2003 licenses on Exchange 2010 and Windows Server 2008?

No - If you wish to go to the new products you need to buy new licenses. However Licenses are backwards compatible, for example if you were to buy Exchange 2010 User CALs these can be used on Exchange 2003.

Do I need to buy an Exchange 2010 server license for a Exchange Server running passive mailbox databases?

Yes - You need a license for all members in the DAG. In Exchange 2010 a server does not become passive/active like in previous versions. It's the mailbox database that is active or passive. A DAG can contain a server running both active and passive mailbox databases. Because of this Microsoft build their licensing around "all servers in a DAG must have a server license regardless if they have all mailbox databases passive or not".

When am I required to purchase new user CALs for Exchange 2010?

I had someone below ask me a very tuff question. He asked "if I was to purchase an exchange 2007/2010 edge transport server, and still use Exchange 2003 in the backend, am I still required to purchase user Client Access Licenses (CALs) for exchange 2007/2010?" The answer is yes!

This question stumped me so I contacted Graham Crawford from Microsoft Licensing. He explained to me that this is known as multiplexing in licensing terms. Whenever any software communicates with Exchange 2007/2010 in anyway, a license is required for each user communicating to that server. In this scenario all users are communicating with the edge transport server through Exchange 2003 as the edge will be used for spam filtering so user CALs for exchange 2010 are required.

Another scenario is when you have a mixed environment with say 400 users with their mailbox located on Exchange 2003, and 600 users with their mailboxes located on Exchange 2010. 1000 Exchange 2010 user CAL's are required as the 400 Exchange 2003 users are still communicating with email routing to the Exchange 2010 servers!

To summarise, as soon as you implement an Exchange 2010 server, you will require a User CAL for every user in your organisation.

Do I require licenses for shared mailboxes?

I had a user ask me if they require licenses for any shared mailboxes. This user has 250 user mailboxes and 100 shared mailboxes.

I contacted Adam from Microsoft Licensing Australia. He told me that licenses are only required per user. Shared mailboxes that multiple users access do not require a license.

If you have any other questions or about Exchange 2010 Licensing and High Availability Planning that I did not address here, please leave a comment and I will update this post answering your query ASAP.

Kristoffer - I know CAS server can be exchange standard edition and load balanced. I said "Client Access does require Enterprise Edition of Windows Server 2008 for high availability" It needs enterprise edition of windows server not exchange... as the NLB feature is part of windows server!

The Kronbergs - yes I was aware of this. I found out about this the other day. Microsoft have now included NLB as part of 2008 server. I updated this information, it is now all correct. Thankyou for the feedback.

Thanks Clint it is more clear now. I have just one question. How are the licenses of Exchange counted? If I have just Mailbox, Hub and CAS role but every of them is on different server, I still need one Exchange server license? How many Hub servers can I have for one Maibox before I need some additional licenses? Looking forward to hear from You. Miro

Can an Exchange 2010 server participate in 2 separate DAGS?(DAG1 = 2 servers in main datacenter with all active and replicated databases for both servers)(DAG2 = 1 or both servers in main datacenter and 1 server in branch office in separate AD site where branch office only contains its own active database copy and replicated copy(s) on the main datacenter servers)

orshould the branch Exchange 2010 server become a third member of DAG1 and simply not contain any replicated copies from servers in main datacenter?

The goal here is to create redundancy for the branch database. (I am also assuming our network team will resist creating a replication network on a second NIC for the branch server so I could do a single combined network for DAG2 and a dual network (public and replication) for DAG1.

My question relates to Active copies of all databases in a Data Availability Groups running on one server, and an inactive copy being maintained on another server. In the Microsoft Product Usage Rights document, it's stated that you do not need to purchase a license for the passive instance of a server product licensed in Server-CAL mode, and Exchange is part of that section. The SQL 2008 licensing guide (http://download.microsoft.com/download/1/e/6/1e68f92c-f334-4517-b610-e4dee946ef91/2008%20SQL%20Licensing%20Overview%20final.docx) also covered in the same section of the PUR clearly states that you can do database mirroring or log shipping from your active to the passive node of your SQL cluster and you still don't need that second SQL license for the passive node. Have you found a statement on the Microsoft site that indicates that this licensing pattern is not allowed for Exchange which uses a similar log shipping concept, and therefore we must buy Exchange licenses for both nodes in that cluster?

You need a license for all members in a DAG. The reason being DAG's can contain both Active and Passive databases. Remember with DAG's its not the server thats passive, its the database. A DAG member can contain say 3 active databases, and 6 passive ones.

I'm confused about CALs and using 2010 in an edge transport role in a mixed organization. Would adding a 2010 or 2007 edge transport server to a 2003 organization require upgrading CALs across the board?

check this one. I have 250 users with regular mailboxes. I also have 100 shared mailboxes, with the main user accounts disabled. Should I buy Exchange Licences for this 100 users that are disabled(total of 350), or only for 250 regular mailbox users ???

In regard to active/passive DBs, what if one's servers are segregated to host only active or only passive DBs? Does the server hosting only passive DBs in a DAG need to be licensed? My scenario involves two boxes, one in production and the other in DR, and the latter never comes into play unless the former fails first.

I had just performed an exchange 2003 to exchange 2010 migration. First off, this went flawless! I was so happy with the outcome. As many of you know, Exchange 2010 requires 64 bit OS. THEREFORE, I started the projected by creating a new 64-bit Windows 2008 enterprise server and a new windows 2008 64 bit enterprise domain controller in an existing 2003 active directory environment. First, let me say that you have to run adprep off the 2008 cd on your DC that holds your fsmo roles. I installed exchange 2010 and brought up a new BES 5.0.2 server as I thought this would be an excellent time to refresh corporate blackberry users. I love this version of exchange! I was running co-existence mode until the migration was complete and then I uninstalled exchange 2003 from my environment and retired that old clunky exchange server. Let me say that despite the noise about making your client access and mailbox role a VM. I had no issue doing this, as I am a huge VMware and virtualization fan. I have had no issue with my cas, hub, and mailbox roles all in one VM with zero performance issues. One thing I do not like is that by design store.exe is now a memory hog! However, there are parameters that you can use in adsiedit.msc where you can limit the memory usage of store.exe that work great! All in all the only complaint I got was from the helpdesk, as they cannot install Exchange management tools on their desktops because they run 32 bit OS. I told them to upgrade their desktop OS to 64 bit so they can run the tools. I know they make some third party management tools that allow your helpdesk to still perform common exchange tasks but I am NOT a big third party fan. If anyone has any questions about more details about my migration from exchange 2003 to 2010 I will be more than happy to answer them. In addition, when you plan your exchange 2010 rollout one big thing to remember here is give yourself plenty of space for the info store lun as exchange 2010 does NOT like to have less than 2 gb free space of the store lun or luns. If it goes below 2 GB mail will stop flowing and will not flow again until you free up some space. Frank Bicocchi

Thanks. Excellent info. A quick one. Do we need to purchase licenses for HUB and CAS servers located at DR servers? I remember there is a different licensing methods for SQL enterprise servers across sites.

Hi Annonymous. To answer your question, Any production Exchange Server that has either device or user connecting to it directly or indirectly requires a license. This extends to any type of Exchange protocol, from SMTP, to client access methods. Even something as simple as checking group metrics of downloading an OAB requires a license on the server. If your DR servers are never touched by end users or devices. As your DR servers will be used in DR mode, they will require a license.

Thank you, Clint. If I keep them as cold servers ( the service would be required only when we switch to the particular site) then the licenses are still required. Sorry to trouble you. I could not see any reference to these terms with respect to Exchange in MS site.

We are looking to deploy an Exchange 2010 server with just the edge transport role to use as a MTA. It will only send mail out - it will not be open to the internet to receive mail. We will obviously get a Std. edition server license, but what are the CAL requirements in this case?

Hello, Can I mix the number of CAL per version? If I would have 100 Exchange 2010 Standard CAL, can I have only 25 Exchange 2010 2010 Enterprise CAL for the management that will use the Enterprise CAL features? of do I need to buy 100 CAL of each type?

Dear, please give me answer. I have windows server 2008 R2 enterprise edition for Exchange 2010 mailbox role including DAG, i have installed exchange 2010 standard edition, i want to create 4 DB's at 1 server and passive copies of these 4 DB's on other DAG member with standard edition, is it supported that we can have upto 5 DB's per server in DAG using standard edition.

hi Clint Boessen, i want to deploy excahange for over 5000 users in a single forest (new setup). Do i need to get CALs for the 5000 users or do i can the exchange 2010 ent. edition allow a 120days access period before i get the license

I would like to share with you my experience, I went to www.vinhugo.com to buy a key, to my surprise, their attitude is very good, but the key work is normal, there is very little money I spent, very happy the first purchase and recommend it to you.

I have a question CALs for Unified Messaging: We use a separate Server with 3rd Party Software (no Microsoft) as UM-Server. Incoming faxes receives the UMS. The UMS has an own database with fax-number and the corresponding mail adress. After a fax arrives, the UMS send it as a mail to the corresponding mail adress at the Exchange Server and the user recieves it in his Outlook. Not the Exchange Server receives the fax and change the format to a mail but the UM-Server do. Exchange Server only receives a mail with a file.So, do I need for every Outlook-User an Exchange Enterprise CAL or can we use the Standard CAL? Thanks